How to delete a passkey

Hi, I am trying to add passkeys to my app. According to the sample code, I need to create a passkey and verify it with the server. But what if I make a passkey successfully but fail to finish the server request? The passkey will still be stored in the keychain. Can I delete it programmatically?

Answered by Systems Engineer in 721627022

Passkeys can't be deleted programmatically, just like a user's passwords. If a user wants to delete their passkey, they can do so in Settings > Passwords.

Accepted Answer

Passkeys can't be deleted programmatically, just like a user's passwords. If a user wants to delete their passkey, they can do so in Settings > Passwords.

Is it possible to delete passkeys in macOS Ventura? I've been doing some testing with Safari 16 and have dozen or so passkeys that weren't successfully registered on the server. Would be nice to be able to clear them, but I don't see any options for that in macOS Ventura beta 3 (22A5295h).

I understand that a user can delete their own Passkey through Settings, but guideline 5.1.1(v) dictates "apps that support account creation must let users initiate deletion of their account within the app".

As Passkeys, and thus an account, can be generated from within the app - the requirement here means we need to be able to delete them from within the app too. This means programmatically - with validation to ensure we can only delete our own passkeys, and indeed ensuring that the user wants to delete it (with a modal).

Also, with the ability to delete a passkey (and presumably their only way of accessing their account) outside of the app, it leads us with orphaned accounts. Accounts which exist on the server but the user cannot access.

What is the best pattern here?

I would echo James' comment/sentiment ... that per the Passkey guidelines, the app MUST provide the end user with a method/mechnism to delete the associated passkey ...

I'm in a situation where I've changed my Apple ID ... the old Apple ID did have a (just 1) passkey associated with developer.apple.com ... once the Apple ID change was complete, I can still login to developer.apple.com, but the authentication splash screen shows my old Apple ID (so the change just isn't clean) ... and I have NO METHOD to delete that passkey

How to delete a passkey
 
 
Q